Tag Archives: CCDP

Despite warnings from digital rights groups, privacy advocates and experts in the tech world, the government has gone ahead with their plans for blanket surveillance measures on the internet, including controversial practices such as deep packet inspection (DPI).

The draft Communications Data bill published yesterday proposes that individuals’ data is stored using so called “black boxes” tracking their detailed internet use i.e. every website they visit, Google search terms, emails etc. A vast amount of data can be stored in these devices and using specialist software this data can be analysed using search functions and selection methods.

Currently Government Central Head Quarters (GCHQ) can access a large amount of data and conduct surveillance of specific suspects, the difference in the CCDP bill is that this data would be accessible in relation to any member of the public. The idea behind this seems to be that by conducting “blanket surveillance” the authorities could catch criminals who are not yet suspects.

Throwing such a wide net however would also consequently entangle innocent people and breach their privacy, while most likely only finding those criminals who lack basic internet skills. The issue here is rather who the authorities actually wish to target and where they plan to concentrate their resources, than assuming everyone is a suspected criminal. Apart from a terrifying intrusion into people’s private information this would be an arduous task for police, who currently are lacking the resources to analyse comparatively low levels of data already.

This brings me on to the next issue – costs. The proposed cost for the implementation of the bill is over a billion pounds. Judging by experience on spending for the Olympics this figure is likely to rise by quite a lot. At a time when there are cuts to essential services in the NHS, legal aid and right across the public sector, where will the government manage to drum up the money for implementing a misguided and ludicrous piece of legislation – which looks to only benefit the security industry itself.

While the security industry may prove lucrative for the government, the harm that this bill will cause to the public greatly overrides any government-business relations. Such an outright invasion of individuals’ privacy and the breach of personal freedoms and basic human rights cannot be justified by the government in any way whether it is business-motivated or not.

Analysing internet use can paint a very intimate picture of someone’s private life such as their health, financial situation and their personal relationships. It is not only an extreme breach of a person’s privacy but it is also completely unnecessary. Most of those affected will be innocent members of the public who may be unaware of the full extent of the bill and who do not know how to encrypt websites. Furthermore, the criminals that the government is referring to, can easily bypass the surveillance measures, thus making them even more difficult to catch.

While the government insists it will not read the data, it claims that it must have access to it for the purpose of catching criminals. Charles Farr – the head of the Home Office’s of security and counter-terrorism office, was extremely defensive when questioned about the bill and merely stated “trust us, we know”. On the contrary, it appears that any sensible person with expertise in the field of internet security would know that the proposals in the bill make very little practical or financial sense. Therefore trusting the government to “know what it’s doing” seems more and more naive on this issue.

It appears that this is just one of several bills the government is putting forward which seeks to take away fundamental personal freedoms and infringe basic human rights. Only on Sunday, Theresa May criticised judges for “not qualifying” Article 8 of the European Convention on Human Rights (ECHR) and being too lenient on criminals who use Art.8 to remain in the UK (even though only 2% of foreign nationals facing deportation after criminal proceedings successfully apply Art.8 to remain in the UK). These recent policies proposed by the government are particularly worrying as they may have severe consequences for basic human rights in the UK.

The government has taken the line that this is an effective way of catching the usual bogeymen – terrorists and paedophiles. What they are still failing to consider, is that the system is relatively easy to bypass and simply requires the use of encrypted pages – in simple terms this means that websites using “https” rather than “http” cannot be tracked.

Yesterday I attended the Scrambling for Safety conference at the LSE. I was really impressed by the wide range of speakers, from the leader of human rights group Liberty Shami Chakrabarti to the Conservative MP David Davis. Finally a real discussion featuring voices from a wide range of political and ideological affiliations, although noting the absence of any Labour politicians. It was a bit less exciting when I realised they all seemed to agree…

The members of the panel talked about the importance of privacy and the negative implications of the invasion of privacy. They also agreed, particularly Julian Huppert and David Davis MP, that politicians generally do not have a clue and often take advice from civil servants and security officials as fact. They often seem to rely on information without attempting to validate or research it themselves, probably due to the volume of information that relates to many issues. But what I really wanted to know was how much would it cost? Is it even viable or productive? Would it in any way benefit the general public in a way that would justify such an invasion of privacy? If not, why on earth was this happening? If stronger policies on surveillance are indeed necessary what are the alternatives?

Some light was shed on these questions in the second panel, who could not identify any real benefit of swamping the police with massive amounts of data and the chaos which would ensue as a result. Data gathering on such a large scale does not seem to make sense at all. If the government’s plans to combat serious crime and terrorism with these measures, this shows a clear lack of foresight. The panel emphasized that gathering data in this way would only catch very basic internet users, as there are so many ways to hide the data being picked up, such as using encrypted pages. Monitoring basic internet use, when more advanced users (you don’t need to be very advanced to use dropbox for example) know a way around it, would encourage a culture of “underground internet use”. This would only complicate things for the police/security services. It is also a waste of money and resources to invest in a policy that is fundamentally ineffective and extremely invasive of basic rights and freedoms. The costs are therefore certainly not outweighed by the benefits, which seem negligible if there even are any.

Whitfield Diffie, somewhat of a celebrity in the tech world, so I was told, addressed the issue of privacy of search terms such as e.g. divorce lawyers or cancer clinics which may be largely indicative of your private life. By accessing an individual’s search data the government would be enforcing a huge invasion of privacy, but it would also be largely counter productive and irrelevant to the police regarding surveillance matters.

A retired police officer in the audience stated that it appears the government are seeking to implement preemptive measures. Such data is often unusable and overwhelming to the police force because of the sheer volume. Analysing such data is complex and time consuming and thus provides little value in many investigations which need to be carried out swiftly. He gave the example of the recent shootings in Tolouse – France, where police had access to 500 intercepted email messages which provided a lead to the suspect. However the manpower to analyse and identify suspects in pressing operations will not always be available in relation to processing data. The police may not have enough people assigned to a particular case to be able to go through all the available data.

The conference was wrapped up by Nick Pickles from Big Brother Watch, who ended the day with a quote from David Cameron criticising Labour’s policies on surveillance. He pointed out that the coalition government must keep their word, something I fully agree with. He then added that he was standing for the Conservatives in the next election, making his short speech seem a little more like a self interested campaign. However the fact that the organisers were from a wide variety of civil society organisations allowed a broad discussion on an issue that affects everyone regardless of their political affiliation.

The main arguments made at the conference, appeared to be that the proposal is not only a gross invasion of fundamental rights and freedoms in both national and European law, but that it is also both costly and ineffective. The plan seems to be based on a misinformed and misguided policy relating to security, which doesn’t seem to provide any benefit to government, the police or national security. While this issue could have huge negative consequences it is still barely understood by either government or the public.

Shami Chakrabarti used the quote “they say the innocent have nothing to hide – but they do have something to protect”. At present there is little legislation relating to privacy law in the UK and Article 8 of the European Convention on Human Rights (ECHR) – the right to a private and family life, is often loosely applied. The Scrambling for Safety conference highlighted the fact that even current law on communications remains highly contentious. The proposed casual and constant invasion of privacy is not in the public interest, neither in terms of security nor cost. The proposal is unrealistic and inappropriate, what is really needed in the UK are stronger privacy laws/rights to protect our freedom and to fully integrate and apply Article 8 of the ECHR in national law.